Derant

Incident Response

What to do when you are compromised?

What:
Clean-up & fight-back of compromises. Guiding you on what to do. Not too much, not too little.
Purpose:
Getting an overview of the compromise, remove intruders from network and document what has happened.
Advantages:
No standard roll-back procedure, but dedicated solution of the incident. Even the most advanced compromises are dealt with in close collaboration with you.

Derant’s experts performs all the necessary steps to detain, map extent, analyse consequences and remove the intruders. This is done in close collaboration with you and we will guide you to perform as much yourself as you desire.

Depending on the situation, the following areas can be covered:

  • Extent of compromise and key questions, e.g.
    Type of compromise, intruder activities, tools used by intruders, network & data accessed, potential activities, insiders involved, physical presence involved etc.
  • Activities needed in order to clean up the systems and lock out the potential intruders
  • Any potential external activities including communication, legal actions incl. police filing, dealing with commercial consequences and insurance questions. Including necessary documentation and evidence.
  • Potential recommended areas for improvement of the IT security setup
  • Potential recommendations for a preparedness setup that will strengthen the organisation for any future attacks

Derant’s experts are among the best in the field, making the incident response swift and efficient. Derant’s experts has long experience dealing with unknown advanced attackers and methodologies.

If the compromise is detected by Derant’s solution as self-service or as managed service, the response can be performed even faster. Hackers are found before the damage is done and forensics data are readily available.

Thereby the Incident Response costs a fraction of compromises discovered too late.

Do you suspect you are compromised? Contact us directly on +45 20 60 72 99.

If you suspect you are compromised by an advanced hacker, we strongly recommend not to use your network to contact us. Instead call or send us a text message.